Domain Typo Squatting: Where there is trust, there is an exploit

McAffee has an opinion, and if you trust them for your AntiVirus and personal computer “security”, that opinion is now shaping your Internet experience.

Hacking credo: where there is trust, there is an exploit. It goes way back. The art of the con… find or create a point of trust, and you have opportunity to misdirect. So when I see a “computer security firm” expressing opinions like I see in this so-called “study”, I worry.

McAffee says it decided to study typo squatting, the practice of registering domains that are typos of existing domain, in order to serve the direct trafic that comes when people mis-type the domain name in the browser location bar. The trite example is someone intends to go to iphone.com but types iophone.com. Whomever registered iophone.com is said to be “typosquatting”. Typically the typo domain has a page of ads on it.

What bothers me about poorly done “research” like this McAffee report, is the bias. I can’t get past the obvious bias. It’s not just bad, sloppy research, but it is clearly agenda driven. McAffee has an opinion, and by claiming to base that opinion in fact or research, they feel justified to impose controls via their security products. Typo domains will be flagged as suspect, not to be trusted, based on McAffee’s determination. But I see that bias because I am active in the domain and web publishing worlds. I am quite sure the public will not see the bias so easily.
Consider for yourself the domain cruise.com. Before you look, what would you expect to appear there? Most would say a web site about cruises. Some would guess a parked page. It doesn’t really matter because it is what it is, and because this Internet thing is a free market, anyone with an idea can pursue the rights to publish on the cruise.com domain. It might cost money to secure the rights, but if it’s a good business idea, well, that’s how markets work. And if there is an opportunity on a typo domain, that, too is handled by the market.
Actually cruise.com is indeed a website about cruises. Now, consider criuse.com, a common typo of cruise.com. What would you expect to find at criuse.com? Most would say a parked page, as you might find with the typical typo squatter. Well, it’s a cruise web site. Go figure.

Actually, it is a partially built cruise website, representative of a domainer exploring the frontier beyond parked pages, with actual content. Many links are broken, and it is search driven to a large degree. But is it worthy of censorship by products like McAffee’s antivirus and security products? If it was a parked page yesterday, and is a half-built content site today, what might it be tomorrow? If you use McAffee, you may never know. McAffee says it’s a “typo squatter” when actually it’s a webmaster just like every other site on the Internet. A web master publishing content…working through the steps to publish and tune a website to serve the audience for commercial gain. Why is McAffee judging intent and censoring the web?
Were there is trust there s an exploit. McAffee has trust for its antivirus products, and now they expand to include “safe Internet surfing” and impose editorial opinion and exploit the trust for commercial gain. The generic domain cruise.com has some trust, which is exploited by the typo squatter at criuse.com. Which is more evil? I think the average surfer hitting criuse.com will figure out if the site is devoid of value for themselves. They can also decide if the ads are good things to click. But I don’t think they will ever recognize that a company like McAffee is censoring their Internet experience based on sloppy research and opinion.
An example statement from that McAffee report (bold added):

In general, we have erred on the side of caution when deciding whether a site is typo-squatting. Our signature based methodology described earlier is designed to reduce false positives – sites that are incorrectly flagged as typo-squatters. More specifically, if a site does not include a signature of a known domain parking company, we do not flag the site as a typo-squatter even though the site may in fact be attempting to profit from brand name confusion.

Bingo. In other words, even after all this “research” into what is and what is not typo squatting and how typo squatting is good or bad for consumers, the bottom line is McAffee’s products will only flag domains owned by the major parking companies as suspect, unworthy, “yellow”, unsafe, etc. See the bias?Editor’s Note: I purposefully misspelled McAffee throughout this article because I wanted to.

I definitely understand your position on this. I think that the article was more focused on “branded” domain names, as opposed to generic names. If I have a company, and I roll out a product called the “iphone”, then yes I believe that I should have the right to any traffic that is generated based on that name or common mutations of that name. Especially if that name has been trademarked by me. But, for something like “cruise.com”; it’s a generic word that can be found in the dictionary, and in my opinion I have just as much a right to own that name, and any of its typos, as the next man. I think this is where the line gets blurry for Mcafee. If they place just as much bias on generic “dictionary” phrases as they do with trademarked brand names, then they are, as you mention, seriously handicapping the web user experience.

It’s a balancing act that needs to be approached with detail, otherwise there will definitely be some collateral damage. I think a good solution to this problem would be education. We should educate trademark/business owners on the value of purchasing their own domain name misspellings. If they understood how much money they’re leaving on the table, they would think twice about ignoring typos. We’ve moved ahead on this front, but not as fast as we should be.

@Awaken: I agree trademarked are different in some ways, but there are also separate/related issues with trademarks. For exampe, when Apple named it’s iphone someone already owned iphone.com and in fact iwhatever.com was a popular trend among domain speculators just as ewhatever.com represents “digital”. What gives Apple the right to “decide to own the iwhatever.com trademark family? They can’t, you might say, but how many companies have indeed tried to do just that? See the comment about Pirelli, and the story of Nissan, and many, many more.

One could argue that the corporations are just “trying whatever regardless of rights, because they might win some of it” and guess what, that’s what domainers are doing.

I think the law about confusingly similar is ok, but the cost of arguing is too high and the cost of domains is too low. Should CocaCola spent $7 for cocacola.com and stop registering domains, assuming every other variant that might be confusingly similar will be defacto left unregistered by the fair marketplace? Or should they proactively establish their trademark by registering variants? Oh, and if cybersquatters face a $100k fine, what sort of fine should Pirelli face for going after zero.org and zero.us as part of their PZero brand protection?

Did you purposely misspell the name of such a well-known antivirus software company as McAfee? Talk about typos. But then I realized you probably did it on purpose, so we could all go to http://www.mcaffee.com and see the typo squatter site at that URL. :)